<div>
  In such places as project description, user description, view description, and
  build description, Jenkins allows users to enter some free-form text that
  describes something. This configuration determines how such free-form text is
  converted to HTML. By default, Jenkins treats the text as HTML and use it
  as-is unmodified (and this is default mainly because of the backward
  compatibility.)

  <p>
    While this is convenient and people often use it to load &lt;iframe>,
    &lt;script>. and so on to mash up data from other sources, this capability
    enables malicious users to mount
    <a href="https://en.wikipedia.org/wiki/Cross-site_scripting">XSS attacks</a>
    . If the risk outweighs the benefit, install additional markup formatter
    plugins and use them.
  </p>
</div>
